Mercurial > gnulib

--- a/ChangeLog	Wed Oct 18 10:19:35 2017 -0700
+++ b/ChangeLog	Thu Oct 19 12:39:45 2017 -0700
@@ -1,3 +1,12 @@
+2017-10-19  Paul Eggert  <eggert@cs.ucla.edu>
+
+	glob: fix heap buffer overflow
+	* lib/glob.c (glob): Fix off-by-one error introduced into
+	glibc in commit dd7d45e838a42b0ed470c44b55901ea98d0c2bab
+	dated 1997-10-29 20:33:40.  Problem reported by Tim Rühsen in:
+	https://sourceware.org/bugzilla/show_bug.cgi?id=22320
+	Fix suggested by Bruno Haible.
+
 2017-10-18  Paul Eggert  <eggert@cs.ucla.edu>

 	glob: pacify fuzzer for mempcpy
--- a/lib/glob.c	Wed Oct 18 10:19:35 2017 -0700
+++ b/lib/glob.c	Thu Oct 19 12:39:45 2017 -0700
@@ -764,7 +764,7 @@
                   *p = '\0';
                 }
               else
-                *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
+                *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
                   = '\0';
               user_name = newp;
             }